Password based authenticated key agreement protocols have been the most widely used methods for user authentication, since it allows people to choose and remember their own passwords without any assistant device. Password based authenticated key agreement protocols, however, are vulnerable to password guessing attacks since users usually choose easy-to-remember passwords. Recently, Lee and Lee pointed out that N. Y. Lee et al.'s password based authenticated key agreement protocol is vulnerable to a man-in-the-middle attack, and then proposed an improvement to overcome the attack. This paper, however, demonstrates that Lee-Lee's password based authenticated key agreement protocol is still vulnerable to off-line password guessing attacks, and then proposes an improvement of the protocol in order to overcome such security attacks.